Wenda Tang is a lawyer in the Washington, DC office, where she is part of the Data Protection, Privacy and Cybersecurity practice group. Wenda focuses on drafting and interpreting technology-related contracts, including insertion orders, service provider addendums, DPAs, advertising agreements, and non-disclosure agreements. She also assists clients in complying with data protection and privacy laws, such as the CCPA, GDPR, HIPAA, GLBA, COPPA, CAN-SPAM Act, and TCPA.
We originally imagined AI to potentially advance to its current state 80 years from now. Instead, here we are, with the next great technology revolution developing right before our eyes. We suspect it will be every bit as transformative—and disruptive—as the rise of the Internet. Although there are numerous philosophical musings to be made on the topic, such discussions will…
After more than a year of negotiations, on March 25, 2022, the European Commission and the United States announced an agreement for a new Trans-Atlantic Data Privacy Framework. The new Framework will replace EU-U.S. Privacy Shield, which was invalided by the Court of Justice of the European Union (“CJEU”)’s Schrems II decision in July 2020. Since the Schrems II decision,…
In April 2020, Apple rolled out the App Tracking Transparency (“ATT”) framework, prompting legal and development teams to identify apps that “track”, as defined by Apple, users or access the IDFA and implement the ATT framework accordingly. See here for the NT Analyzer blog post. Technically, if a consumer chooses to opt-out of tracking, the app should no longer “track”…
Almost every website, mobile app, and IoT relies on third party code. More often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR. What is third party code? Third party code in this instance, refers to code or SDKs that have already been created by other developers. The use…
According to the California Attorney General, consumers may now utilize a new technology called the Global Privacy Control (“GPC”) in order to opt out of a “sale” of personal information under the California Consumer Privacy Act (“CCPA”). The GPC, according to its website, was developed by “various stakeholders including technologists, web publishers, technology companies, browser vendors, extension developers, academics, and…
Google recently announced that beginning later this year, for Android 12, Android devices will “zero-out” the Google Advertising ID (“GAID”) for users who have opted out of tracking and personalized advertising. (In other words, using the “Opt out of Ads Personalization” settings). Specifically, according to Google: “This Google Play services phased rollout will affect apps running on Android 12 devices…
Google announced that it will follow industry standards with respect to privacy obligations. All developers with apps on Google Play will be required to disclose the type of data collected and stored and how such data is used by Q2 of 2022. These are in addition to other elements, such as security practices, data deletion upon uninstallation of app, etc….
Google will not use alternate identity solutions to track users online after third-party cookies are phased out in 2022. Instead, Google plans to rely on Privacy Sandbox, which preserves privacy for consumers while still enabling publishers and advertisers to target their ads. (See A More Privacy First Web.) NT Analyzer catalogs all collected and disclosed data, identifying relevant risk in…